LionC / express-basic-auth

Plug & play basic auth middleware for express
325 stars, 57 forks

custom header key rather than "authorization" #28

Closed m-esm closed 4 years ago

m-esm commented 4 years ago

Hi guys,

First of all, thanks for sharing this repo.

I needed a custom header key for my project, which already uses the "authorization" key for another need.

LionC commented 4 years ago

Hi @m-esm,

I do not think that using the Authorization header for anything other than auth* is a good idea (and neither is having two auth headers in one request), so I do not plan to support that use case.

However, you can achieve that using middleware before my middleware that swaps / caches the header. Alternatively, wait for v2, which will allow req as an argument for custom authorizers.

But again, I highly recommend rethinking your design here.

Closing this for now.
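
The swap / cache approach suggested in the comment above, sketched as an added example (not code from this thread or from express-basic-auth). The header name `x-gate-authorization`, the `req.appAuthorization` property and the `demo` helper are assumptions made for illustration; the sample header values are constructed.

```javascript
// Assumption: the gate's credentials arrive in this custom header.
const GATE_HEADER = 'x-gate-authorization'; // Node lower-cases incoming header names

// Runs BEFORE the basic auth middleware: stash the application's own
// Authorization value and present the gate credentials in its place.
function swapIn(req, res, next) {
  req.appAuthorization = req.headers.authorization;
  const gate = req.headers[GATE_HEADER];
  if (typeof gate === 'string') {
    req.headers.authorization = gate;
  } else {
    // Fail closed: without gate credentials the app's own header must
    // never be evaluated as the gate's basic auth credentials.
    delete req.headers.authorization;
  }
  delete req.headers[GATE_HEADER]; // keep gate credentials away from later handlers
  next();
}

// Runs AFTER the basic auth middleware has accepted the request: restore
// the header the application expects.
function swapOut(req, res, next) {
  if (req.appAuthorization === undefined) delete req.headers.authorization;
  else req.headers.authorization = req.appAuthorization;
  delete req.appAuthorization;
  next();
}

// Offline check with a constructed request; `gate` stands in for the
// basic auth middleware and records the header it would parse.
function demo(headers) {
  const req = { headers: { ...headers } };
  let seenByGate;
  const gate = (rq, rs, next) => { seenByGate = rq.headers.authorization; next(); };
  const chain = [swapIn, gate, swapOut];
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, {}, next); };
  next();
  return { seenByGate, forwarded: req.headers };
}

// Wiring in an Express app (basicAuth imported from express-basic-auth):
//   app.use(swapIn, basicAuth({ users: { ops: 'constructed-password' } }), swapOut);
```

express-basic-auth sets `req.auth` to the user and password it accepted, and `swapOut` leaves that property untouched for later handlers.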

m-esm commented 4 years ago

@LionC thanks for your response. It was for a situation where we couldn't change the actual project but wanted to add an extra layer of security just as a precaution. It happens occasionally in security teams that have to secure a project with a "bad design". We usually use Nginx-basic-auth-proxy for this. But I wanted to try a different way that enables identifying the basic auth credential user, which is not possible if you cache/swap your header keys.